andy6581

Oh ****

I left my computer on-line all day today whilst at work, when i came home, my shortcuts on the desktop had been renamed. IE. My documents was renamed "You Have been" and my other shortcuts were renamed "hacked"

A Folder had also been deleted, a very specific one which had important stuff in it, the rest of "My Documents" were still there. How has this happened???? More importantly, HOW DO I PROTECT MYSELF?? i have a virus scanner, but ovbiously this hasn't helped!!

bob

You need a Firewall get a free one at:

andy6581

Cheers Bob

Will this protect me from people using Trojans?? Is there anything ts won't detect that i should be aware of, ive downloaded it and it looks like a nice tool.

Thanks

Andy

Dave T-S

I've been using Zonealarm for about six months now and it appears to work well. Get a lot of intrusions picked up (about six tonight already) - but sometimes it is only your ISP server pinging you back if you have been inactive or similar.

If you are using IE, have you upgraded to the latest version - 5.05, 5.5 or whatever, I can't remember without looking - this has some important ActiveX fixes in it.

Dream Weaver

Why did you leave your PC online all day?

Bit silly now wasn't it. You must be on ADSL or something as well - would cost a bomb over the phone line.

Zonealarm is generally good but there have been reports of some protection missing - nothing to worry about though.

DW

bob

I have been using it for some time now. At first Its a pain, asking you if so and so can use the internet and can this site be used a a server. But I think it gives good protection. The only downfall I can think of is if you use a site that acts as a server for you as Napster etc. If you allow the site to be a server for you perhaps someone could slip in that way. I am not an expert so don't know.

boomer

Andy,

<B>DO NOT CONNECT TO THE INTERNET ON YOUR HOME PC AGAIN until you have loaded some firewall software (and read the instructions)!!!!</B>

If you have a trojan, it is likely that it will notify the hacker everytime you go on-line.

I use Norton Personal Firewall (plus NAV), but any well know firewall will do for now! If you have an "always on" connection, a firewall is absolutely essential!!!!!!

If you have an alternate way to the internet, check out

kryten

As soon as you've got the firewall installed, go to the

andy6581

Cheers for the advice guys

I've installed Zone Alarm and it seems to be detecting everything. I just got this message:

The firewall has blocked Internet access to your computer (NetBIOS Name) from

Dave T-S

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by andy6581:
<B>Cheers for the advice guys

I've installed Zone Alarm and it seems to be detecting everything. I just got this message:

The firewall has blocked Internet access to your computer (NetBIOS Name) from

Chris L

Another vote for ZoneAlarm - very good piece of software and it's free

Re your query Andy - that is just one of the Scoobynet servers doing a Netbios name lookup - nothing too serious. However, if you have any doubts - block it! (which is basically what ZoneAlarm will do)

Chris

ptholt

Zonealarm is ok for a basic package, its not totally secure though, i tend to use two pieces of software zonealarm and blackice defender.

I've got another one running on a server at home that looks VERY good, not quite as user friendly as zonealarm (which is a large factor in its appeal) but a bit more secure.

Blow Dog

Andy, scary stuff

Great advice all, I shall be following up this Zonealarm recommendation.

Cheers!
Cem

Mr Footlong

iTrader: (7)

Yes, zonealarm rocks!
I run it on my server at home with Cable Modem, FULLY configured up and it passes absolutely every
scan test that I throw at it.
Fully protects the server and the 3 PC's behind that.

After downloading, installing and configuring properly,try out somewhere like

Mr Footlong

iTrader: (7)

Noticed the GRC site above and tried that too.
Passed, fully stealthed.
Both good sites, worth trying, but Sygate one is very comphrehensive!


Noick

Mr Footlong

iTrader: (7)

What security issues have you come across then, ptholt?


Nick.

Dave T-S

None. Having a firewall on his firewall, he's just paranoid

Ps - How do you know your firewall's firewall is firewalled ok????

AlexM

Hi,

Agree with all mentioned above...

One thing worth pointing out is that Zonealarm and BlaceIce defender etc do not monitor outgoing packets which may leave you susceptible to some trojans and spyware.

AFAIK Norton personal firewall is the only product which monitors both incoming and outgoing packets.

Might be worth checking out other PD utilities which check for known trojans and spyware.. see

NITO

I've just downloaded the zonealarm. I ran the above test on synet and it came up that the dns port was open, how do I close this one??

thanks
Nito

NITO

Can you check where an ip address is from..eg I just received this!

The firewall has blocked Internet access to your computer (ICMP Unreachable) from 213.65.16.250.

whatever this means??

Nito

Chris L

Alex

ZoneAlarm does check outgoing packets. Any program attempting an outgoing connection (and that is not already configured in your list of installed programs) will be stopped by ZoneAlarm - it will then ask you for permission to deny or allow the connection.

Chris

andy6581

I'd like to know the answer to Nito's Question.

How can i lookup an ip to find it's source, i know you can use "nslookup" in NT but I'm using 98, any ideas?

If i can check the ip's i can then find out whether it's just my isp pinging me, or whether it's an "Intruder".

Further to being originally hacked, i've narrowed it down to a select group of people, and if i can catch them again I'm sure i'll recognise them if i can look up their IP's

Cheers for all the advice guys, maybe we've all learned a bit!

Cheers

Andy

bob

I get the same as Nito.
Mine's 217.81.141.3 Mine belongs to a German isp thats as far as I got.They been knocking on my door for the last 3 days, 24 hrs a day, every 2 mins.
Nito yours is from Telia Network Services Sweden
You get these thing going to the **** sites They don't know you have left and think you are still on line with them, so i'm told.

Chris L

If you're interested in locating the owner of an IP address, a good starting point is:

James Neill

iTrader: (1)

You don't have to get a firewall. Although Zone Alarm is good for dial-up.

The following advice should stop most hacks without the need for a firewall.

kryten

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by AlexM:
<B>One thing worth pointing out is that Zonealarm and BlaceIce defender etc do not monitor outgoing packets which may leave you susceptible to some trojans and spyware.

AFAIK Norton personal firewall is the only product which monitors both incoming and outgoing packets.[/quote]

Zonealarm does monitor outgoing packets and will ask for your permission before letting any new program access the net. You may grant this access once only, or for all future accesses. I often get messages pop up to say its blocked access to one of the adservers for some of the 'free-but-with-adverts' programs so I know it works.

Zonealarm also CRC checks each EXE that has been granted access as some trojans rename themselves to iexplore.exe and get out that way (I know the norton firewall didn't catch that originally - don't know if it does now)

I'm behind my own NAT router which is acting as a firewall and I run Zonealarm primarily as protection against trojans!!

As for tracing those IP addresses, if you have a dial up connection for which you get a dynamic IP address (ie different each time) I wouldn't bother - the next time you connect you'll get a different address so they can't keep track of your machine.

Its also common as the last user of that IP address may have dropped the line in the middle of a request and you could just be seeing that response.

If you have a static IP address then it may be worth checking, but unless you can prove continued access attempts (and by that I mean more than just pings) their ISP won't do anything anyway.

If you do want to trace the IP packets then I've always found

davefromevonet

just wanna say thanks for those who replied to this thread.I had no idea about this thing and i now have Zonealarm which fully passed the grc test.
ta!!
scoobynet not such a bunch of girls after all!!

KF

just a quick note. To resolve an IP address to hostname (on a Windows box) open a DOS session and use "ping -a"
i.e.

C:&gt;ping -a 207.46.230.218

yields:

Pinging <B>microsoft.com</B> [207.46.230.218] with 32 bytes of data:

Then use a whois service to find out who has registered the domain.